Archived.
All maintenance and development now happens as part of monorepo.
Payas Relekar
629846a1f9
agenix uses age (a utility + standard) that encrypts secrets using ssh key. This simplifies secrets management quite a bit compared to GPG (my attempts for which have failed so far). Changes included: - Encrypt all current keys (mail, backups) using age, configured via agenix - All encrypted keys are committed to git repo and decrypted during boot - None of the keys are used anywhere just yet. They will replace file paths in future commit after testing - Decrypted keys are available after boot under user name with read-only permissions at default agenix location (as of this commit) - The Nix variable path is provided by agenix and can be used instead of having to recreate - multiple keys can be specified for single key, but for now I am only using one For now, the code is dirty and can definitely use improvements. It is just at a place where it is all working right now. TODO: Get age + agenix in environment packages available at runtime in NixOS Links: - https://github.com/ryantm/agenix - https://github.com/hlissner/dotfiles |
||
---|---|---|
cachix | ||
hosts/enterprise | ||
modules | ||
.gitignore | ||
cachix.nix | ||
flake.lock | ||
flake.nix | ||
hardware-configuration.nix | ||
nix.nix |